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DETAILED ACTION 

1. This is a Final Office Action in response to the applicant's communication filed on April 
02, 2009. 

2. Claims 1-3 and 5-20 have been examined and are pending. 

Claim Rejections - 35 USC § 101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

4. Claims 1-3, 7-8, 10 and 11-19 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. 

Claims 1 and 11 recite "An authentication server for automatically selecting one of a 
plurality of authentications" and "An authentication server arrangement. Use of the word 
"server" or "authentication server" does not necessarily mean that the claim is directed to a 
machine. Only if at least one of the claimed elements of the server is a physical part of a device 
can the server as claimed constitute part of a device or a combination of devices to be a machine 
within the meaning of 101. Claim 1 is directed to comprise [a reception arrangement; a selector 
arrangement for selecting an authentication identifier in a memory and an authentication 
arrangement for authenticating said user and a redirector], claim 11 is directed to server 
arrangement including a receiver arrangement, selector arrangement, authenticator arrangement 
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and connector redirector arrangement for respectively performing receiving, selecting, 
authenticating and redirecting connection; and these claimed elements are not a processes 
occurring as a result of executing the software program, not a machine programmed to operate in 
accordance with the software program, not a manufacturer structurally and functionally 
interconnected with the program in a manner which enables the software program to act as a 
computer component and realize its functionality. They are also clearly not directed to a 
composition of matter. Therefore, claims 1 and 1 1, to those of ordinary skill in the art, may all 
be reasonably implemented as a software routines and therefore claims 1 and 1 1 are rejected 
as an authentication server of software or program per se, failing to fall within a statutory 
category of invention and rejected as non-statutory under 35 USC 101. Claims 2, 3, 7, 8 and 
claims 12-19 are also failing to fall within a statutory category of invention and rejected as non- 
statutory under 35 USC 101 with a s similar rationale give above to reject their corresponding 
independent claims. 

[See the applicant's disclosure for indicating the invention implemented as a 
program: 0075 and Figure 1: Authentication Server SA]: "the invention applies equally to a 
computer program adapted to implement the invention, in particular a computer program 
on or in an information medium. This program may use any programming language and be in 
the form of source code, object code, or an intermediate code between source code and 
intermediate code, such as in a partially compiled form, or in any other form suitable for 
implementing a method of the invention". 



Application/Control Number: 10/566,945 Page 4 

Art Unit: 2437 

Claim 10 recites "A physical information medium". Claim 10 is directed to a program 
itself, not a process occurring as a result of executing the program, a machine programmed to 
operate in accordance with the program nor a manufacturer structurally interconnected with the 
program in a manner which enables the program to act as a computer component and realize its 
functionality. The physical information medium include programs to receiver identifier, select an 
authentication identifier, authenticate and redirect connection. In addition, the "physical 
information medium" would suggest to one of ordinary skill signals or other forms of 
propagation and transmission media, typewritten or handwritten text on paper, or other items 
failing to be an appropriate manufacturer under 35 USC 101 in the context of computer-related 
inventions [See the applicant's disclosure for medium : 0075 and 0077 Moreover, the 
information medium may be a transmissible medium such as an electrical or optical signal, 
which may be routed via an electrical or optical cable, by radio or by other means. The program 
of the invention may in particular be downloaded over an internet type network.]. Therefore, 
claim 10 fails to fall within a statutory category of invention and rejected as non- statutory under 
35U.S.C. 101. 

Claim Rejections - 35 USC §112 
5. Claims 18-20 are rejected under 35 U.S.C. 1 12, first paragraph, as failing to comply with 
the written description requirement. The claims contains subject matter which was not described 
in the specification in such a way as to reasonably convey to one skilled in the relevant art that 
the inventors, at the time the application was filed, had possession of the claimed invention. 
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The limitation in the claims "wherein there is no connection between the user terminal 

and the authentication server during the receiving, selecting, authenticating and redirecting 

steps" does not have support in the original disclosure as filed for the above negative limitation. 

The applicant's also did not provide specific section or paragraph of the discourse in support of 

the above negative limitation. 

[MPEP 2 173. 05 (i) Negative Limitations]. Any negative limitation or exclusionary 
proviso must have basis in the original disclosure. If alternative elements are positively 
recited in the specification, they may be explicitly excluded in the claims. See In re 
Johnson, 558 F.2d 1008, 1019, 194 USPQ 187, 196 (CCPA 1977) ("[the] specification, 
having described the whole, necessarily described the part remaining."). See also Ex parte 
Grasselli, 231 USPQ 393 (Bd. App. 1983), affd mem., 738 F.2d 453 (Fed. Cir. 1984). 
The mere absence of a positive recitation is not basis for an exclusion. The claims 
containing a negative limitation which does not have basis in the original disclosure 
should be rejected under 35 U.S.C. 1 12 , first paragraph, as failing to comply with the 
written description requirement. Note that a lack of literal basis in the specification for a 
negative limitation may not be sufficient to establish a prima facie case for lack of 
descriptive support. Ex parte Parks, 30 USPQ2d 1234, 1236 (Bd. Pat. App. & Inter. 
1993) See MPEP J. 2163 - & 2163 ,070)3. for a discussion of the written description 
requirement of 35 U.S.C. 1 12 , first paragraph. 



Response to Arguments 

6. Applicant's arguments filed on April 02, 2009 have been fully considered but they are not 
persuasive. 

The applicant argues that by amending claims 1, 10 and 11, the applicant suggests the 
claims complies with 35 USC 101. However, the applicant did not provide any substantial or 
persuasive argument or rationale to overcome the 101 rejection and the claims remain rejected as 
non-statutory under 35 USC 101. 

In response to applicant's argument that the references fail to show certain features of 
applicant's invention, it is noted that the features upon which applicant relies 
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(i.e., Claim 1 indicates that there is only one authentication server which is distinct from 

the service servers, i.e., which is not included in a service server. 

and 

for each service request in claim 1, no connection between the terminal and the service 

server designated by the selected provider identifier is established.) 
are not recited in the rejected claim(s). Although the claims are interpreted in light of the 
specification, limitations from the specification are not read into the claims. See In re Van 
Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a 
general allegation that the claims define a patentable invention without specifically pointing out 
how the language of the claims patentably distinguishes them from the references. 

For at least the above reasons, the applicant's arguments are not persuasive to overcome 
the prior arts in record and place the independent claims in condition for allowance including 
their corresponding dependent claims. 

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
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8. Claims 1-3 and 5-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sawa et al. (hereinafter referred to as, Sawa, US Pub. No.: 2003/0097593) in view of Ritola et al. 
(hereinafter referred to as Ritola, US Pub. No.: 2005/0289341). 

As per claim 1 : 

Sawa discloses an authentication server for automatically selecting one of a plurality of 
authentications identified respectively by authentication identifiers in order to authenticate a user 
of a terminal in order to authorize the user to access a service dispensed by one of a service 
server of providers identified respectively by provider identifiers via a communication network 
the server comprising: 

a reception arrangement for receiving from said terminal a provider identifier selected in 
said terminal in response to a connection set up between said user terminal and said 
authentication server (0053; web server receive), 

a selector arrangement for selecting an authentication identifier in a memory as a function 
of the type of at least one of said terminal and said communication network (0044; 0048; 0049; 
0053; 0056: an authentication method suitable for the user terminal is selected, by using the data 
of a request for service from a user terminal and various types of authentication methods are 
supported, and accordingly various types of terminals can be supported. The terminal 
information object preparation process, the carrier or communication employer and type of user 
terminal that issues an HTTP request are specified). 

an authenticator arrangement for authenticating said user by using an authentication 
process associated with said selected authentication identifier (0058; 0059: Using the determined 
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authentication method, various types of data, for example, a user's name, passwords, etc., 
required for the authentication process are obtained, and an authentication database is accessed, 
thereby checking the validity of a user terminal). 

Sawa does not explicitly teach the authentication identifier as a function of the selected 
provider identifier and a redirection arrangement for redirecting said connection with said 
terminal to a service server corresponding to said selected provider identifier if said user has 
been authenticated. Ritola, in analogous art, however teaches the authentication identifier as a 
function of the provider identifier (0048; 0051; 0052; provides service if authentication by 
identity provider identifier corresponding to each service provider stored in memory of the 
terminal is successful) and a redirection arrangement for redirecting said connection with said 
terminal to a service server corresponding to said selected provider identifier if said user has 
been authenticated (0015; 0048). Therefore, it would have been obvious to a person having 
ordinary skill in the art at the time the invention was made to modify the system disclosed by 
Sawa to include the authentication identifier as a function of the provider identifier and a 
redirection arrangement for redirecting said connection with said terminal to a service server 
corresponding to said selected provider identifier if said user has been authenticated. This 
modification would have been obvious because a person having ordinary skill in the art would 
have been motivated to do so to provide a reliable and more secure automated authentication 
method and system from a service provider's authentications request without a user intervention 
as suggested by Ritola in (0005; 0006). 
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As per claims 2 and 12: 

Sawa discloses the authentication server, wherein said selector arrangement is arranged to 

select said authentication identifier as a function of an authentication security level (0058: set 

selected authentication method with a high security level as the authentication method with high 

priority). Sawa does not explicitly teach authentication identifier a function to said selected 

provider identifier. Ritola, in analogous art, however teaches authentication identifier in 

corresponding relationship to said selected provider identifier (0048; 0051; 0052; provides 

service if authentication by identity provider identifier corresponding to each service provider 

stored in memory of the terminal is successful). Sec motivation given in claim 1. 

As per claims 3 and 13: 

Sawa discloses an authentication server, wherein said selector arrangement is arranged to 
select said authentication identifier as a function of authentication rules associated with and 
applied to at least an authentication security level corresponding to said terminal type and said 
communication network type (0069-0070; matrix for determining authentication method in the 
authentication method decision process). Sawa does not explicitly teach authentication identifier 
a function to said provider identifier. Ritola, in analogous art, however teaches authentication 
identifier in corresponding relationship to said provider identifier (0048; 0051; 0052; provides 
service if authentication by identity provider identifier corresponding to each service provider 
stored in memory of the terminal is successful). See a motivation given in claim 1 . 



As per claims 5 and 14: 
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Sawa does not explicitly teach an authentication server, wherein said selector 
arrangement is arranged to transmit to said terminal a list of services identified by service 
identifiers in response to said connection set up between said user terminal and said 
authentication server, and said user terminal is arranged to transmit to said selector arrangement 
a service identifier of a service selected by said user in the transmitted list in order for said 
authentication server to select said authentication identifier as a function also of said selected 
service identifier. Ritola, in analogous art, however teaches an authentication server, wherein 
said authentication server is arranged to transmit to said terminal a list of services identified by 
service identifiers in response to said connection set up between said user terminal and said 
selector arrangement, and said user terminal is arranged to transmit to said selector arrangement 
a service identifier of a service selected by said user in the transmitted list in order for said 
selector or arrangement to select said authentication identifier as a function also of said selected 
service identifier (Figure 5:51 select different single sign authentication module corresponding 
to each service provider by selecting identity provider 57; Figure 4: identity provider identifier 
authentication request and response communication between terminal and service provider). 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to modify the system disclosed by Sawa to include an 
authentication server, wherein said authentication server is arranged to transmit to said terminal a 
list of services identified by service identifiers in response to a connection set up between said 
user terminal and said authentication server, and said user terminal is arranged to transmit to said 
selector arrangement a service identifier of a service selected by said user in the transmitted list 
in order for said authentication server to select said authentication identifier as a function also of 
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said selected service identifier. This modification would have been obvious because a person 
having ordinary skill in the art would have been motivated to do so to provide a reliable and 
more secure automated authentication method and system from a service provider's 
authentications request without a user intervention as suggested by Ritola in (0005; 0006). 

As per claims 6 and 15: 

Ritola discloses the authentication server, wherein said authentication server is arranged 
to transmit said user terminal a list of provider identifiers in response to a connection set up 
between said user terminal and said selector arrangement and said terminal is arranged to 
transmit to said selector arrangement a provider identifier selected by said user in the transmitted 
list in order for said selector arrangement to select said authentication identifier as a function of 
said selected provider identifier (0051; 0052: IDP displays a list of identity providers that are 
acceptable by service provider and terminal; a user selects a particular provider identifier and 
sends an authentication request). 

As per claims 7 and 16: 

Sawa discloses the authentication server, wherein, if said user has been authenticated, the 
authenticator arrangement is arranged to transmit to said service server said terminal type, said 
communication network type, said transmitted service identifier, and a security level of the 
authentication associated with said selected authentication identifier (0095; 0096; 101; terminal 
information object cache). 
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As per claims 8 and 17: 

Sawa discloses an authentication server, further comprising two separate servers 

respectively including said selector arrangement and said authenticator arrangement (0051; 0052; 

mobile agent server; web server, and mobile agent; mobile agent for selecting an authentication 

method). 

As per claim 9: 

Sawa discloses a method in an authentication server of automatically selecting one of a 
plurality of authentications identified respectively by authentication identifiers in order to 
authenticate a user of a terminal to authorize said user to access a service dispensed by one of 
service servers of a providers identified respectively by a provider identifiers via a 
communication network, the method comprising: 

receiving from said terminal a provider identifier selected in said terminal in response to 
a connection set up between said user terminal and said authentication server (0053; web server 
receive), 

selecting an authentication identifier in a memory as a function of the type of at least one 
of said terminal and said communication network (0044; 0048; 0049; 0053; 0056: an 
authentication method suitable for the user terminal is selected, by using the data of a request for 
service from a user terminal and various types of authentication methods are supported, and 
accordingly various types of terminals can be supported. The terminal information object 
preparation process, the carrier or communication employer and type of user terminal that issues 
an HTTP request are specified), and 
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authenticating said user by an authentication process associated with said selected 
authentication identifier (0058; 0059: Using the determined authentication method, various types 
of data, for example, a user's name, passwords, etc., required for the authentication are obtained, 
and an authentication database is accessed, thereby checking the validity of a user terminal). 

Sawa does not explicitly teach the authentication identifier as a function of the provider 
identifier and redirecting said connection with said terminal to a service server corresponding to 
said selected provider identifier if said user has been authenticated. Ritola, in analogous art, 
however teaches the authentication identifier as a function of the provider identifier (0048; 0051; 
0052; provides service if authentication by identity provider identifier corresponding to each 
service provider stored in memory of the terminal is successful) and redirecting said connection 
with said terminal to a service server corresponding to said selected provider identifier if said 
user has been authenticated (0015; 0048). Therefore, it would have been obvious to a person 
having ordinary skill in the art at the time the invention was made to modify the system disclosed 
by Sawa to include the authentication identifier as a function of the provider identifier and 
redirecting said connection with said terminal to a service server corresponding to said selected 
provider identifier if said user has been authenticated. This modification would have been 
obvious because a person having ordinary skill in the art would have been motivated to do so to 
provide a reliable and more secure automated authentication method and system from a service 
provider's authentications request without a user intervention as suggested by Ritola in (0005; 
0006). 
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As per claim 10: 

Sawa discloses a physical information medium: adapted to be loaded into and executed 
by an authentication server, the medium including a program for enabling the authentication 
server to automatically select one of a plurality of authentications respectively identified by 
authentication identifiers in order to authenticate a user of a terminal in order to authorize said 
user to access a service dispensed by one of service servers of providers identified respectively 
by provider identifiers via a communication network, said program including program 
instructions for enabling the authentication server to: 

receiving from said terminal a provider identifier selected in said terminal in response to 
a connection set up between said user terminal and said authentication server (0053; web server 
receive), 

selecting an authentication identifier in a memory as a function of the type of at least one 
of said terminal and type of said communication network (0044; 0048; 0049; 0053; 0056: an 
authentication method suitable for the user terminal is selected, by using the data of a request for 
service from a user terminal and various types of authentication methods are supported, and 
accordingly various types of terminals can be supported. The terminal information object 
preparation process, the carrier or communication employer and type of user terminal that issues 
an HTTP request are specified), and 

authenticating said user by an authentication process associated with said authentication 
identifier (0058; 0059: Using the determined authentication method, various types of data, for 
example, a user's name, passwords, etc., required for the authentication process are obtained, and 
an authentication database is accessed, thereby checking the validity of a user terminal). 
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Sawa does not explicitly teach the authentication identifier as a function of the provider 
identifier and redirecting said connection with said terminal to a service server corresponding to 
said selected provider identifier if said user has been authenticated. Ritola, in analogous art, 
however teaches the authentication identifier as a function of the provider identifier (0048; 0051; 
0052; provides service if authentication by identity provider identifier corresponding to each 
service provider stored in memory of the terminal is successful) and redirecting said connection 
with said terminal to a service server corresponding to said selected provider identifier if said 
user has been authenticated (0015; 0048). Therefore, it would have been obvious to a person 
having ordinary skill in the art at the time the invention was made to modify the system disclosed 
by Sawa to include the authentication identifier as a function of the provider identifier and 
redirecting said connection with said terminal to a service server corresponding to said selected 
provider identifier if said user has been authenticated. This modification would have been 
obvious because a person having ordinary skill in the art would have been motivated to do so to 
provide a reliable and more secure automated authentication method and system from a service 
provider's authentications request without a user intervention as suggested by Ritola in (0005; 
0006). 

As per claim 1 1 : 

Claim 11 is a data processor arrangement for performing the method of claim 9. 
Therefore, claim 1 1 is rejected with a similar rationale and reason given above to reject claim 9 
as being unpatentable over Sawa in view of Ritola. 
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As per claim 18, 19 and 20 

Sawa discloses there is no connection between the user terminal and the authentication 
server during the receiving, selecting, authenticating and redirecting steps (0026; provided from 
cache service). 

Conclusion 

9. The prior arts made of record and not relied upon arc considered pertinent to applicant's 
disclosure. See the notice of reference cited in form PTO-892 for additional prior arts. 

10. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 
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Contact Information 

11. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to TECHANE J. GERGISO whose telephone number is (571)272- 
3784 and fax number is (571) 273-3784. The examiner can normally be reached on between 
9:00am - 6:00pm. If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

/Techane J. Gergiso/ 
Examiner, Art Unit 2437 

/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2437 
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